In this model, users and groups are the same concept. A group can
belong to another group. We only distinguish, for practical
matters, between "login enabled" users and "group only" users: the
former has Some (eventually void) password, the latter has
None.